public async Task <bool> Execute(string consentId)
{
if (string.IsNullOrWhiteSpace(consentId))
{
throw new ArgumentNullException(consentId);
}
var consentToBeDeleted = new Models.Consent
{
Id = consentId
};
return(await _consentRepository.DeleteAsync(consentToBeDeleted));
}
public Task UpdateAsync(IdentityServer3.Core.Models.Consent consent)
{
var item = _repo.GetConsentBySubjectAndClient(consent.Subject, consent.ClientId);
bool needToInsert = false;
if (item == null)
{
item = new Models.Consent
{
Subject = consent.Subject,
ClientId = consent.ClientId
};
needToInsert = true;
}
if (consent.Scopes == null || !consent.Scopes.Any())
{
if (!needToInsert)
{
_repo.DeleteConsentBySubjectAndClient(consent.Subject, consent.ClientId);
}
}
item.Scopes = StringifyScopes(consent.Scopes);
if (needToInsert)
{
_repo.InsertConsent(item);
}
else
{
_repo.UpdateConsent(item);
}
return(Task.FromResult(0));
}
public async Task When_No_Consent_Has_Been_Given_For_The_Claims_Then_Create_And_Insert_A_New_One()
{
// ARRANGE
InitializeFakeObjects();
const string subject = "subject";
const string clientId = "clientId";
var authorizationParameter = new AuthorizationParameter
{
Claims = new ClaimsParameter
{
UserInfo = new List <ClaimParameter>
{
new ClaimParameter
{
Name = Jwt.Constants.StandardResourceOwnerClaimNames.Subject
}
}
},
Scope = "profile"
};
var claims = new List <Claim>
{
new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject)
};
var claimsIdentity = new ClaimsIdentity(claims, "SimpleIdentityServer");
var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);
var client = new Models.Client
{
ClientId = clientId
};
var resourceOwner = new ResourceOwner
{
Id = subject
};
var actionResult = new ActionResult
{
RedirectInstruction = new RedirectInstruction()
};
ICollection <Scope> scopes = new List <Scope>();
_consentHelperFake.Setup(c => c.GetConfirmedConsentsAsync(It.IsAny <string>(),
It.IsAny <AuthorizationParameter>()))
.Returns(Task.FromResult((Models.Consent)null));
_clientRepositoryFake.Setup(c => c.GetClientByIdAsync(It.IsAny <string>()))
.Returns(Task.FromResult(client));
_parameterParserHelperFake.Setup(p => p.ParseScopes(It.IsAny <string>()))
.Returns(new List <string>());
_scopeRepositoryFake.Setup(s => s.SearchByNamesAsync(It.IsAny <IEnumerable <string> >()))
.Returns(Task.FromResult(scopes));
_authenticateResourceOwnerServiceStub.Setup(r => r.AuthenticateResourceOwnerAsync(It.IsAny <string>()))
.Returns(Task.FromResult(resourceOwner));
_actionResultFactoryFake.Setup(a => a.CreateAnEmptyActionResultWithRedirectionToCallBackUrl())
.Returns(actionResult);
Models.Consent insertedConsent = null;
_consentRepositoryFake.Setup(co => co.InsertAsync(It.IsAny <Models.Consent>()))
.Callback <Models.Consent>(consent => insertedConsent = consent)
.Returns(Task.FromResult(new Models.Consent()));
// ACT
await _confirmConsentAction.Execute(authorizationParameter, claimsPrincipal);
// ASSERT
Assert.NotNull(insertedConsent);
Assert.True(insertedConsent.Claims.Contains(Jwt.Constants.StandardResourceOwnerClaimNames.Subject));
Assert.True(insertedConsent.ResourceOwner.Id == subject);
Assert.True(insertedConsent.Client.ClientId == clientId);
_actionResultFactoryFake.Verify(a => a.CreateAnEmptyActionResultWithRedirectionToCallBackUrl());
}
/// <summary>
/// This method is executed when the user confirm the consent
/// 1). If there's already consent confirmed in the past by the resource owner
/// 1).* then we generate an authorization code and redirects to the callback.
/// 2). If there's no consent then we insert it and the authorization code is returned
/// 2°.* to the callback url.
/// </summary>
/// <param name="authorizationParameter">Authorization code grant-type</param>
/// <param name="claimsPrincipal">Resource owner's claims</param>
/// <returns>Redirects the authorization code to the callback.</returns>
public async Task <ActionResult> Execute(
AuthorizationParameter authorizationParameter,
ClaimsPrincipal claimsPrincipal)
{
if (authorizationParameter == null)
{
throw new ArgumentNullException(nameof(authorizationParameter));
}
if (claimsPrincipal == null ||
claimsPrincipal.Identity == null)
{
throw new ArgumentNullException(nameof(claimsPrincipal));
}
var client = await _clientRepository.GetClientByIdAsync(authorizationParameter.ClientId);
if (client == null)
{
throw new InvalidOperationException(string.Format("the client id {0} doesn't exist",
authorizationParameter.ClientId));
}
var subject = claimsPrincipal.GetSubject();
Models.Consent assignedConsent = await _consentHelper.GetConfirmedConsentsAsync(subject, authorizationParameter);
// Insert a new consent.
if (assignedConsent == null)
{
var claimsParameter = authorizationParameter.Claims;
if (claimsParameter.IsAnyIdentityTokenClaimParameter() ||
claimsParameter.IsAnyUserInfoClaimParameter())
{
// A consent can be given to a set of claims
assignedConsent = new Models.Consent
{
Client = client,
ResourceOwner = await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(subject),
Claims = claimsParameter.GetClaimNames()
};
}
else
{
// A consent can be given to a set of scopes
assignedConsent = new Models.Consent
{
Client = client,
GrantedScopes = (await GetScopes(authorizationParameter.Scope)).ToList(),
ResourceOwner = await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(subject),
};
}
// A consent can be given to a set of claims
await _consentRepository.InsertAsync(assignedConsent);
_simpleIdentityServerEventSource.GiveConsent(subject,
authorizationParameter.ClientId,
assignedConsent.Id);
}
var result = _actionResultFactory.CreateAnEmptyActionResultWithRedirectionToCallBackUrl();
await _generateAuthorizationResponse.ExecuteAsync(result, authorizationParameter, claimsPrincipal, client);
// If redirect to the callback and the responde mode has not been set.
if (result.Type == TypeActionResult.RedirectToCallBackUrl)
{
var responseMode = authorizationParameter.ResponseMode;
if (responseMode == ResponseMode.None)
{
var responseTypes = _parameterParserHelper.ParseResponseTypes(authorizationParameter.ResponseType);
var authorizationFlow = GetAuthorizationFlow(responseTypes, authorizationParameter.State);
responseMode = GetResponseMode(authorizationFlow);
}
result.RedirectInstruction.ResponseMode = responseMode;
}
return(result);
}
